I was using Java 6 for developing java applet.
Since applet jar file has to be signed before deploying it on the server. I created a self signed keystore.
The applet was working fine with java 6.
During first load applet displayed a warning with a checkbox option to allow the applet to run in the future without showing the warning.
Due to Java 6 security issues I upgraded to java 7 update 51.
This time however I got a scary warning (red and bold message) and no option to allow applet to run without displaying the warning in future.
Apparently java 7 does not like self signed jars.
So I contacted my organization security team and requested a “Code signing certificate”.
Below are the steps to created your own keystore and import the code signing certificate in it to sign a jar file.
- Generate Keystore
1
$ keytool -genkey -keyalg RSA -keysize 2048 -alias testKeystore -validity 365 -dname "CN=127.0.0.1, OU=Test Unit, O=Test company, L=Johannesburg, S=Gauteng, C=SA" -keystore testKeystore.jks -storepass password -keypass password
- Generate CSR from keystore
1
$ keytool -certreq -alias testKeystore -file csr.csr -keystore testKeystore.jks
Getting “code signing certificate” You can request a certificate form your organization certificate request server or buy it online.
I used my organization server, I selected “Code Signing Certificate” and pasted the contents of .csr file created above into the csr request text area.
The process will remain same for the other providers.
Once the certificate request has been approved you will get the two below files